Amazon VPC Flow Logs App Dashboards

The Amazon VPC Flow Logs App provides Live and Interactive Dashboards that give insight into rejections, traffic, activity and more.

Live Dashboards

Sumo Logic Live Dashboards constantly update as data comes in, providing a real-time view of your systems. They display data from the time they are created going forward. This means that the data Panels do not “backfill”, but only fill up as new data comes in. Any change to the time range of a data Panel will reset it. For more information on Live Dashboards, see About Dashboards.

Overview

Source Address Locations. Performs a geo lookup operation and displays the number of source address locations on a map of the world by IP address for the last 24 hours.

Top 10 Source Addresses by MB. Displays the top 10 source address IPs by MBs in a bar chart for the last 24 hours.

Top 10 Destination Addresses by MB. Lists the top 10 destination address IPs by MBs in a bar chart for the last 24 hours.

Rejections per Minute. Shows the number of rejections per minute in a column chart on a timeline for the last hour.

Actions. Provides the number of accept and reject actions in a pie chart for the last 24 hours.

Log Status. Shows the log status as a pie chart for the last 24 hours.

Flow Records by InterfaceID. Displays the Flow Records by InterfaceID in a pie chart for the last 24 hours.

Top 10 Destination Ports by Flow Record. Lists the top 10 destination ports in a bar chart for the last 24 hours.

Flow Records per Protocol by Hour. Displays the Flow Records per protocol used in a bar chart on a timeline for the last 24 hours.

Rejections

Source Address Locations - REJECTs. Performs a geo lookup operation and displays the number of source address locations with REJECT actions on a map of the world by IP address for the last 24 hours.

Top 10 REJECT Source Addresses. Displays the top 10 Source Addresses with REJECT actions in a pie chart for the last hour.

Top 10 REJECT Destination Addresses. Lists the top 10 Destination Addresses with REJECT actions in a pie chart for the last hour.

Top 10 REJECT Source Addresses, Ports. Shows the top 10 Source Addresses with REJECT actions by Source Port in a pie chart for the last 24 hours.

Top 10 REJECT Destination Addresses, Ports. Displays the top 10 Destination Addresses with REJECT actions by Destination Port in a pie chart for the last 24 hours.

REJECTs by Source Address. Shows the number of REJECT actions by Source Address in a stacked column chart on a timeline for the last hour.

Top 10 REJECTs by InterfaceID. Lists the top 10 REJECT actions by InterfaceID in a pie chart for the last hour.

Top 10 REJECTs by Protocol. Lists the top 10 Source Addresses with REJECT actions by protocol in a pie chart for the last 24 hours.

REJECTs by Minute - Outlier. Displays REJECT actions by minute in an outlier chart on a timeline for the last hour.

REJECTs by Minute - Trend. Uses the predict operator to display a trendline of the REJECT actions by minute on a timeline for the last hour.

REJECTs by InterfaceID, Destination Address. Displays the number of REJECT actions by InterfaceID and Destination Address in an aggregation table for the last hour.
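To spot-check what panels such as Rejections per Minute, Top 10 REJECT Source Addresses and Log Status aggregate, the same counts can be reproduced offline from raw flow log records. The following Python is an added example, not the app's own queries; it assumes records in the default (version 2) VPC Flow Logs field order, and the sample records and function names are constructed for illustration.

```python
from collections import Counter
from datetime import datetime, timezone

# Field order of the default (version 2) VPC Flow Logs record format (assumed input).
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

# Constructed sample records (documentation IP ranges, made-up account and ENI ids).
SAMPLE = """\
2 123456789012 eni-0a1b2c3d 203.0.113.7 10.0.1.5 44321 22 6 3 180 1700000000 1700000050 REJECT OK
2 123456789012 eni-0a1b2c3d 203.0.113.7 10.0.1.5 44322 3389 6 1 60 1700000010 1700000055 REJECT OK
2 123456789012 eni-0a1b2c3d 198.51.100.9 10.0.1.5 51515 443 6 12 9000 1700000020 1700000058 ACCEPT OK
2 123456789012 eni-0e4f5a6b 198.51.100.9 10.0.2.8 51600 23 6 2 120 1700000065 1700000110 REJECT OK
2 123456789012 eni-0e4f5a6b - - - - - - - 1700000120 1700000180 - NODATA
"""

def parse(text):
    """Yield one dict per well-formed record; skip lines with the wrong field count."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == len(FIELDS):
            yield dict(zip(FIELDS, parts))

def rejects(records):
    # NODATA/SKIPDATA records carry "-" instead of an action, so they drop out here.
    return [r for r in records if r["log_status"] == "OK" and r["action"] == "REJECT"]

def rejects_per_minute(records):
    """Count REJECT records per minute, bucketed on the capture-window start (UTC)."""
    counts = Counter(int(r["start"]) // 60 * 60 for r in rejects(records))
    return {datetime.fromtimestamp(t, timezone.utc).strftime("%H:%M"): n
            for t, n in sorted(counts.items())}

def top_reject_sources(records, n=10):
    """Source addresses ranked by number of REJECT records."""
    return Counter(r["srcaddr"] for r in rejects(records)).most_common(n)

def log_status_counts(records):
    """Record count per log status (OK, NODATA, SKIPDATA)."""
    return Counter(r["log_status"] for r in records)

if __name__ == "__main__":
    recs = list(parse(SAMPLE))
    print(rejects_per_minute(recs))
    print(top_reject_sources(recs))
    print(dict(log_status_counts(recs)))
```

A sudden rise in NODATA or SKIPDATA counts is worth checking before trusting the REJECT panels, since those records carry no action field and silently fall out of the REJECT totals.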

Traffic

Actions by Minute - Outlier. Displays actions by minute in an outlier chart on a timeline for the last hour.

Actions by Minute - Trend. Uses the predict operator to display a trendline of actions by minute on a timeline for the last hour.

Top 10 Actions by Protocol. Shows the top 10 actions by protocol in a pie chart for the last 24 hours.

Bytes by Minute - Outlier. Displays the number of bytes by minute in an outlier chart on a timeline for the last hour.

Bytes by Minute - Trend. Uses the predict operator to display a trendline of bytes by minute on a timeline for the last hour.

Top 10 Ports by Action. Displays the top 10 ports by accept and reject actions in a stacked bar chart for the last 24 hours.

Packets by Minute - Outlier. Displays the number of packets by minute in an outlier chart on a timeline for the last hour.

Packets by Minute - Trend. Uses the predict operator to display a trendline of packets by minute on a timeline for the last hour.

Packets Box Plot. Shows the number of packets by minute as a box plot chart, which depicts data using quartiles, on a timeline for the last hour. Hover over the chart to see quartile details in a pop-up.

Interactive Dashboards

Sumo Logic Interactive Dashboards populate completely every time you launch them, including “backfilling” data. This means there will be a delay before you see all the data. If you change a time range, the data Panels will re-run the search. For more information on Interactive Dashboards, see About Dashboards.

Activity

Source Address Locations. Performs a geo lookup operation and displays the number of source address locations on a map of the world by IP address for the last hour.

Actions by InterfaceID. Provides the number of actions by InterfaceID in a pie chart for the last hour.

Actions by Source Address Over Time. Shows actions by Source Address in a stacked column chart on a timeline for the last hour.

Flow Record Count by Source Address. Displays the Flow Record count by Source Address in a pie chart for the last hour.

Actions by Destination Address Over Time. Shows actions by Destination Address in a stacked column chart on a timeline for the last hour.

Flow Record Count by Destination Address. Displays the Flow Record count by Destination Address in a pie chart for the last hour.

Traffic

Actions by Minute - Outlier. Displays actions by minute in an outlier chart on a timeline for the last hour.

Actions by Minute - Trend. Uses the predict operator to display a trendline of actions by minute on a timeline for the last hour.

Bytes by Minute - Outlier. Displays the number of bytes by minute in an outlier chart on a timeline for the last hour.

Bytes by Minute - Trend. Uses the predict operator to display a trendline of bytes by minute on a timeline for the last hour.

Packets by Minute - Outlier. Displays the number of packets by minute in an outlier chart on a timeline for the last hour.

Packets by Minute - Trend. Uses the predict operator to display a trendline of packets by minute on a timeline for the last hour.
